Пример #1
class DataCollectorCloudWatchEventTarget(CloudWatchEventTargetResource):
    """
    CloudWatch event target that hands the data-collector job description to
    the submit-job Lambda function.

    The target input is a JSON string built once, when the class body is
    evaluated; it carries the job metadata, two environment variables and a
    list of key/value job parameters.
    """
    # Event rule this target is bound to, referenced by the rule's output name
    rule = DataCollectorEventRule.get_output_attr('name')
    # ARN of the Lambda function that receives the event
    arn = SubmitJobLambdaFunction.get_output_attr('arn')
    target_id = 'DataCollectorTarget'  # Unique identifier
    target_input = json.dumps({
        'jobName': "AWS-Data-Collector",
        'jobUuid': "pacman-aws-inventory-jar-with-dependencies",
        'jobType': "jar",
        'jobDesc': "AWS-Data-Collection",
        # NOTE(review): RedshiftCluster.get_redshift_info() is not visible here.
        # If it embeds a user name or password, that value is serialized into
        # the event target input as plain text and is readable by anyone who
        # can describe the rule's targets - confirm what it returns.
        'environmentVariables': [
            {'name': "REDSHIFT_INFO", 'value': RedshiftCluster.get_redshift_info()},
            {'name': "REDSHIFT_URL", 'value': RedshiftCluster.get_redshift_url()}
        ],
        # Every parameter is sent with 'encrypt': False. The values listed here
        # are identifiers (account id, role name, bucket, region, paths) rather
        # than secrets; presumably the flag tells the job runner whether the
        # value needs decrypting - confirm before adding a sensitive parameter.
        'params': [
            {'encrypt': False, 'key': "package_hint", 'value': "com.tmobile.cso.pacman"},
            {'encrypt': False, 'key': "accountinfo", 'value': AwsAccount.get_output_attr('account_id')},
            {'encrypt': False, 'key': "base-account", 'value': AwsAccount.get_output_attr('account_id')},
            # The same BaseRole name is used for discovery and for S3 access
            {'encrypt': False, 'key': "discovery-role", 'value': BaseRole.get_output_attr('name')},
            {'encrypt': False, 'key': "s3", 'value': BucketStorage.get_output_attr('bucket')},
            {'encrypt': False, 'key': "s3-data", 'value': "inventory"},  # TODO: need to be changed with s3obj class
            {'encrypt': False, 'key': "s3-processed", 'value': "backup"},
            {'encrypt': False, 'key': "s3-role", 'value': BaseRole.get_output_attr('name')},
            {'encrypt': False, 'key': "s3-region", 'value': AwsRegion.get_output_attr('name')},
            {'encrypt': False, 'key': "file-path", 'value': "/home/ec2-user/data"},
            {'encrypt': False, 'key': "base-region", 'value': AwsRegion.get_output_attr('name')}
        ]
    })
Пример #2
def get_rule_engine_cloudwatch_rules_var():
    """
    Build the rule-engine CloudWatch rule entries from the bundled JSON file.

    The file text is read, every "role/pacman_ro" occurrence is rewritten to
    name the configured base role, and the result is parsed as JSON.

    Returns:
        list: One dict per rule holding 'ruleId', 'ruleParams' and a cron
        'schedule' whose minute field is the rule's position modulo 10
    """
    rules_file = "resources/lambda_rule_engine/files/rule_engine_cloudwatch_rules.json"
    with open(rules_file, "r") as handle:
        raw_text = handle.read()

    # The role name is spliced into the raw JSON text before parsing, so a
    # name containing a quote or backslash would corrupt or alter the document.
    base_role_ref = "role/" + BaseRole.get_input_attr('name')
    rules = json.loads(raw_text.replace("role/pacman_ro", base_role_ref))

    # Spread the rules over minutes 0-9 of every hour
    return [
        {
            'ruleId': rule['ruleUUID'],
            'ruleParams': rule['ruleParams'],
            'schedule': "cron(%s * * * ? *)" % (position % 10),
        }
        for position, rule in enumerate(rules)
    ]
Пример #3
def get_rule_engine_cloudwatch_rules_var():
    """
    Build the rule-engine CloudWatch rule entries from the bundled JSON file.

    The file text is read, every "role/pacman_ro" occurrence is rewritten to
    name the configured base role, and the result is parsed as JSON. Rules in
    the "azure" asset group are dropped unless need_to_enable_azure() is true.

    Returns:
        list: One dict per retained rule holding 'ruleId', 'ruleParams' and a
        six-hourly cron 'schedule' whose minute field is 5 plus the rule's
        position in the file modulo 20
    """
    source_path = "resources/lambda_rule_engine/files/rule_engine_cloudwatch_rules.json"
    with open(source_path, "r") as rules_fp:
        contents = rules_fp.read()

    # The role name is spliced into the raw JSON text before parsing, so a
    # name containing a quote or backslash would corrupt or alter the document.
    role_ref = "role/" + BaseRole.get_input_attr('name')
    contents = contents.replace("role/pacman_ro", role_ref)

    required_rules = []
    for position, rule in enumerate(json.loads(contents)):
        is_azure_rule = rule['assetGroup'] == "azure"
        if is_azure_rule and not need_to_enable_azure():
            continue

        # The minute is derived from the position in the file, not from the
        # position among the retained rules, so skipped rules leave gaps.
        minute = int(position % 20 + 5)
        required_rules.append({
            'ruleId': rule['ruleUUID'],
            'ruleParams': rule['ruleParams'],
            'schedule': "cron(%s */6 * * ? *)" % minute,
        })

    return required_rules
Пример #4
def get_rule_engine_cloudwatch_rules_var():
    """
    Load the rule-engine CloudWatch rules and reduce each to its schedule entry.

    Returns:
        list: One dict per rule holding 'ruleId', 'ruleParams' and a cron
        'schedule' whose minute field is the rule's position modulo 10
    """
    with open("resources/lambda_rule_engine/files/rule_engine_cloudwatch_rules.json", "r") as json_file:
        template = json_file.read()

    # Substitution happens on the raw text before json.loads, so the role name
    # has to be free of characters that are special inside a JSON string.
    rendered = template.replace("role/pacman_ro", "role/" + BaseRole.get_input_attr('name'))
    rule_entries = json.loads(rendered)

    # Replace each parsed rule in place with the trimmed entry
    for slot, entry in enumerate(rule_entries):
        rule_entries[slot] = {
            'ruleId': entry['ruleUUID'],
            'ruleParams': entry['ruleParams'],
            'schedule': "cron(%s * * * ? *)" % (slot % 10),
        }

    return rule_entries
Пример #5
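    def get_provisioners(self):
        """
        Describe the local-exec provisioner that runs sql_replace_placeholder.py.

        The script is started with Settings.PYTHON_INTERPRETER and receives the
        SQL file path plus every deployment value as environment variables.

        Returns:
            list: A single-element list holding the 'local-exec' definition
        """
        script = os.path.join(get_terraform_scripts_dir(), 'sql_replace_placeholder.py')

        # NOTE(review): the RDS and mail-server passwords travel in this
        # environment block as plain strings. If the provisioner definition is
        # written to a generated file or echoed in logs, those artefacts hold
        # the secrets in clear text - confirm and restrict access to them.
        environment = {
            'SQL_FILE_PATH': self.dest_file,
            'ENV_region': AwsRegion.get_output_attr('name'),
            'ENV_account': AwsAccount.get_output_attr('account_id'),
            'ENV_eshost': ESDomain.get_http_url(),
            'ENV_esport': ESDomain.get_es_port(),
            'ENV_LOGGING_ES_HOST_NAME': ESDomain.get_output_attr('endpoint'),
            'ENV_LOGGING_ES_PORT': str(ESDomain.get_es_port()),
            'ENV_ES_HOST_NAME': ESDomain.get_output_attr('endpoint'),
            'ENV_ES_PORT': str(ESDomain.get_es_port()),
            'ENV_ES_CLUSTER_NAME': ESDomain.get_input_attr('domain_name'),
            'ENV_ES_PORT_ADMIN': str(ESDomain.get_es_port()),
            'ENV_ES_HEIMDALL_HOST_NAME': ESDomain.get_output_attr('endpoint'),
            'ENV_ES_HEIMDALL_PORT': str(ESDomain.get_es_port()),
            'ENV_ES_HEIMDALL_CLUSTER_NAME': ESDomain.get_input_attr('domain_name'),
            'ENV_ES_HEIMDALL_PORT_ADMIN': str(ESDomain.get_es_port()),
            'ENV_ES_UPDATE_HOST': ESDomain.get_output_attr('endpoint'),
            'ENV_ES_UPDATE_PORT': str(ESDomain.get_es_port()),
            'ENV_ES_UPDATE_CLUSTER_NAME': ESDomain.get_input_attr('domain_name'),
            'ENV_PACMAN_HOST_NAME': ApplicationLoadBalancer.get_http_url(),
            'ENV_RDS_URL': MySQLDatabase.get_rds_db_url(),
            'ENV_RDS_USERNAME': MySQLDatabase.get_input_attr('username'),
            'ENV_RDS_PASSWORD': MySQLDatabase.get_input_attr('password'),
            'ENV_JOB_BUCKET_REGION': AwsRegion.get_output_attr('name'),
            # This key was listed a second time further down with the same
            # value; a repeated key in a dict literal silently overwrites the
            # first, so only one entry is kept.
            'ENV_RULE_JOB_BUCKET_NAME': BucketStorage.get_output_attr('bucket'),
            'ENV_JOB_LAMBDA_REGION': AwsRegion.get_output_attr('name'),
            'ENV_JOB_FUNCTION_NAME': SubmitJobLambdaFunction.get_input_attr('function_name'),
            'ENV_JOB_FUNCTION_ARN': SubmitJobLambdaFunction.get_output_attr('arn'),
            'ENV_RULE_BUCKET_REGION': AwsRegion.get_output_attr('name'),
            'ENV_RULE_LAMBDA_REGION': AwsRegion.get_output_attr('name'),
            'ENV_RULE_FUNCTION_NAME': RuleEngineLambdaFunction.get_input_attr('function_name'),
            'ENV_RULE_FUNCTION_ARN': RuleEngineLambdaFunction.get_output_attr('arn'),
            # Placeholder endpoints; note they are plain http
            'ENV_CLOUD_INSIGHTS_TOKEN_URL': "http://localhost",
            'ENV_CLOUD_INSIGHTS_COST_URL': "http://localhost",
            'ENV_SVC_CORP_USER_ID': "testid",
            # NOTE(review): the "******" literals look masked on this page;
            # check what the real file hard-codes here.
            'ENV_SVC_CORP_PASSWORD': "******",
            'ENV_CERTIFICATE_FEATURE_ENABLED': "false",
            'ENV_PATCHING_FEATURE_ENABLED': "false",
            'ENV_VULNERABILITY_FEATURE_ENABLED': str(Settings.get('ENABLE_VULNERABILITY_FEATURE', False)).lower(),
            'ENV_MAIL_SERVER': Settings.MAIL_SERVER,
            'ENV_PACMAN_S3': "pacman-email-templates",
            'ENV_DATA_IN_DIR': "inventory",
            'ENV_DATA_BKP_DIR': "backup",
            'ENV_PAC_ROLE': BaseRole.get_input_attr('name'),
            'ENV_BASE_REGION': AwsRegion.get_output_attr('name'),
            'ENV_DATA_IN_S3': BucketStorage.get_output_attr('bucket'),
            'ENV_BASE_ACCOUNT': AwsAccount.get_output_attr('account_id'),
            'ENV_PAC_RO_ROLE': BaseRole.get_input_attr('name'),
            'ENV_MAIL_SERVER_PORT': Settings.MAIL_SERVER_PORT,
            'ENV_MAIL_PROTOCOL': Settings.MAIL_PROTOCOL,
            'ENV_MAIL_SERVER_USER': Settings.MAIL_SERVER_USER,
            'ENV_MAIL_SERVER_PWD': Settings.MAIL_SERVER_PWD,
            'ENV_MAIL_SMTP_AUTH': Settings.MAIL_SMTP_AUTH,
            'ENV_MAIL_SMTP_SSL_ENABLE': Settings.MAIL_SMTP_SSL_ENABLE,
            'ENV_MAIL_SMTP_SSL_TEST_CONNECTION': Settings.MAIL_SMTP_SSL_TEST_CONNECTION,
            'ENV_PACMAN_LOGIN_USER_NAME': "*****@*****.**",
            'ENV_PACMAN_LOGIN_PASSWORD': "******",
            # SECURITY: fixed Base64 literal shared by every install. Base64
            # is an encoding, not protection; this credential should be
            # supplied per deployment (e.g. through Settings) and rotated.
            'ENV_CONFIG_CREDENTIALS': "dXNlcjpwYWNtYW4=",
            'ENV_CONFIG_SERVICE_URL': ApplicationLoadBalancer.get_http_url() + "/api/config/rule/prd/latest",
            'ENV_PACBOT_AUTOFIX_RESOURCEOWNER_FALLBACK_MAILID': Settings.get('USER_EMAIL_ID', ""),
            'ENV_QUALYS_INFO': Settings.get('QUALYS_INFO', ""),
            'ENV_QUALYS_API_URL': Settings.get('QUALYS_API_URL', "")
        }

        return [
            {
                'local-exec': {
                    'command': script,
                    'environment': environment,
                    'interpreter': [Settings.PYTHON_INTERPRETER]
                }
            }
        ]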
Пример #6
class S3ResourcePolicyAttachToBaseRole(iam.IAMRolePolicyAttachmentResource):
    """Attach S3ResourcePolicy to BaseRole."""
    # Role that receives the policy, referenced by its output name
    role = BaseRole.get_output_attr('name')
    # NOTE(review): the policy document is not visible here; confirm it is
    # scoped to the buckets and actions the base role actually needs.
    policy_arn = S3ResourcePolicy.get_output_attr('arn')